From 6fd1d2462400f2921f9b3f55766b3dbc13361a34 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 23 Nov 2022 18:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2009/1xxx/CVE-2009-1142.json | 53 ++++++++++++- 2009/1xxx/CVE-2009-1143.json | 53 ++++++++++++- 2020/1xxx/CVE-2020-1045.json | 15 ++++ 2021/35xxx/CVE-2021-35284.json | 56 ++++++++++++-- 2021/38xxx/CVE-2021-38578.json | 6 +- 2022/23xxx/CVE-2022-23740.json | 133 +++++++++++++++++---------------- 2022/34xxx/CVE-2022-34526.json | 7 +- 2022/36xxx/CVE-2022-36111.json | 12 +-- 2022/38xxx/CVE-2022-38266.json | 7 +- 2022/39xxx/CVE-2022-39833.json | 48 +++++++++++- 2022/40xxx/CVE-2022-40304.json | 66 ++++++++++++++-- 2022/40xxx/CVE-2022-40771.json | 61 +++++++++++++-- 2022/40xxx/CVE-2022-40772.json | 61 +++++++++++++-- 2022/42xxx/CVE-2022-42905.json | 5 ++ 2022/4xxx/CVE-2022-4131.json | 18 +++++ 15 files changed, 494 insertions(+), 107 deletions(-) create mode 100644 2022/4xxx/CVE-2022-4131.json diff --git a/2009/1xxx/CVE-2009-1142.json b/2009/1xxx/CVE-2009-1142.json index a275252ffb7..5aeb0566185 100644 --- a/2009/1xxx/CVE-2009-1142.json +++ b/2009/1xxx/CVE-2009-1142.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1142", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
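Review bot: The `affects` block added here publishes CVE-2009-1142 with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in this file's next hunk names open-vm-tools 2009.03.18-154848. Tooling that maps records to installed software through the structured fields rather than the free text will not associate this entry with the package. Consider `"product_name": "open-vm-tools"` and `"version_value": "2009.03.18-154848"`, with the vendor taken from the referenced project page once confirmed. The same all-`n/a` block is added in the CVE-2009-1143, CVE-2021-35284, CVE-2022-39833, CVE-2022-40304, CVE-2022-40771 and CVE-2022-40772 hunks, whose descriptions likewise name the product.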
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.gentoo.org/264577", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/264577" + }, + { + "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", + "refsource": "MISC", + "name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848" } ] } diff --git a/2009/1xxx/CVE-2009-1143.json b/2009/1xxx/CVE-2009-1143.json index e3cc95bf883..c1bd5bb4674 100644 --- a/2009/1xxx/CVE-2009-1143.json +++ b/2009/1xxx/CVE-2009-1143.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1143", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
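Review bot: `problemtype` is published as `"value": "n/a"` in the CVE-2009-1142 hunk on this line, while the new description states a symlink attack on /tmp files that leads to privilege gain. That weakness class has a CWE entry, so the record could carry `"value": "CWE-59"` (link following), which lets triage tooling group and filter by weakness. The same placeholder is added where the descriptions name a symlink race (CVE-2009-1143), SQL injection (CVE-2021-35284), a double-free (CVE-2022-40304) and an XML External Entity attack (CVE-2022-40771). CWE-89, CWE-415 and CWE-611 look like the matching entries for the last three, to be confirmed by the assigner.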
@@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.gentoo.org/264577", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/264577" + }, + { + "url": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", + "refsource": "MISC", + "name": "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848" } ] } diff --git a/2020/1xxx/CVE-2020-1045.json b/2020/1xxx/CVE-2020-1045.json index abac6aa5d6a..dc8b23772f3 100644 --- a/2020/1xxx/CVE-2020-1045.json +++ b/2020/1xxx/CVE-2020-1045.json @@ -69,6 +69,21 @@ "refsource": "FEDORA", "name": "FEDORA-2020-48fa1ad65c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318", + "url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318" + }, + { + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600", + "url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600" + }, + { + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2020:3699", + "url": "https://access.redhat.com/errata/RHSA-2020:3699" } ] } 
diff --git a/2021/35xxx/CVE-2021-35284.json b/2021/35xxx/CVE-2021-35284.json index 706e8ed13f2..7427eb2539a 100644 --- a/2021/35xxx/CVE-2021-35284.json +++ b/2021/35xxx/CVE-2021-35284.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35284", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35284", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/rizalafani/cms-php/issues/1", + "refsource": "MISC", + "name": "https://github.com/rizalafani/cms-php/issues/1" } ] } diff --git a/2021/38xxx/CVE-2021-38578.json b/2021/38xxx/CVE-2021-38578.json index 02364552623..8eb10d44ac6 100644 --- a/2021/38xxx/CVE-2021-38578.json +++ b/2021/38xxx/CVE-2021-38578.json @@ -40,7 +40,7 @@ "version": { "version_data": [ { - "version_value": "edk2-stable201808", + "version_value": "edk-stable202208", "version_affected": "=" } ] @@ -74,10 +74,10 @@ { "base64": false, "type": "text/html", - "value": "https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6
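Review bot: In the CVE-2021-38578 hunk at `@@ -40,7 +40,7 @@` the affected version becomes `"version_value": "edk-stable202208"`, which drops the `2` from the `edk2-stable…` form used by the value it replaces and by the project name in the referenced commit URL. Because the entry keeps `"version_affected": "="`, a consumer doing exact matching would look for a release string that probably does not exist; `"version_value": "edk2-stable202208"` looks like the intended value. Whether a single `=` release is the right scope, rather than a range ending at the fix, cannot be seen from this hunk and is worth confirming with the CNA. The second hunk of this file continues on the following lines.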
" + "value": "patch https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6

" } ], - "value": " https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n" + "value": "patch\u00a0 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 \n\n" } ], "impact": { diff --git a/2022/23xxx/CVE-2022-23740.json b/2022/23xxx/CVE-2022-23740.json index c3938d53cdd..39a7be7b174 100644 --- a/2022/23xxx/CVE-2022-23740.json +++ b/2022/23xxx/CVE-2022-23740.json 
@@ -1,73 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "product-cna@github.com", - "ID": "CVE-2022-23740", - "STATE": "PUBLIC", - "TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GitHub Enterprise Server", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "3.7", - "version_value": "3.7.1" - } - ] + "CVE_data_meta": { + "ASSIGNER": "product-cna@github.com", + "ID": "CVE-2022-23740", + "STATE": "PUBLIC", + "TITLE": "Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitHub Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7", + "version_value": "3.7.1" + } + ] + } + } + ] + }, + "vendor_name": "GitHub" } - } ] - }, - "vendor_name": "GitHub" } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "yvvdwf" - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { + }, + "credit": [ + { "lang": "eng", - "value": "CWE-88" - } + "value": "yvvdwf" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1" - } - ] - }, - "source": { - "discovery": "EXTERNAL" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-88" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1", + "name": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.1" + } + ] + }, + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34526.json b/2022/34xxx/CVE-2022-34526.json index 0b42061eafd..a5676e36333 100644 --- a/2022/34xxx/CVE-2022-34526.json +++ b/2022/34xxx/CVE-2022-34526.json 
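Review bot: The only reference in this record, the vendor's own 3.7.1 release notes, changes from `"refsource": "CONFIRM"` to `"refsource": "MISC"` near the end of the hunk. The assigner is the vendor's CNA and the URL is on the vendor's documentation site, so the link still looks like a vendor confirmation. Consumers that rank or filter references by `refsource` would now treat it as unclassified material. Keeping `"refsource": "CONFIRM"` alongside the added `name` field would preserve that signal. The rest of the hunk appears to be re-indentation only, and the file still ends without a trailing newline.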
@@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file." + "value": "A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the \"tiffsplit\" or \"tiffcrop\" utilities." } ] }, @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20220930-0002/", "url": "https://security.netapp.com/advisory/ntap-20220930-0002/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/libtiff/libtiff/-/issues/486", + "url": "https://gitlab.com/libtiff/libtiff/-/issues/486" } ] } diff --git a/2022/36xxx/CVE-2022-36111.json b/2022/36xxx/CVE-2022-36111.json index ce8f834f540..ed0b2292e7f 100644 --- a/2022/36xxx/CVE-2022-36111.json +++ b/2022/36xxx/CVE-2022-36111.json 
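Review bot: The amended CVE-2022-34526 description still places the flaw in `the _TIFFVGetField function of Tiffsplit v4.4.0`, while the added clause says the crafted file may be parsed by either `tiffsplit` or `tiffcrop`, so the product attribution and the stated attack path no longer agree. The reference added in the second hunk points at the libtiff issue tracker, which suggests the version number belongs to the library rather than to one utility. Wording such as `in the _TIFFVGetField function of libtiff v4.4.0` would read consistently, if the CNA confirms it. It would also help inventory matching to say whether "stack overflow" here means a stack-based buffer overflow or stack exhaustion, which the text leaves open.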
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability.\n\nThis issue has been patched in version 1.4.1." + "value": "immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1." } ] }, 
@@ -69,16 +69,16 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8", - "refsource": "CONFIRM", - "url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8" - }, { "name": "https://github.com/codenotary/immudb/releases/tag/v1.4.1", "refsource": "MISC", "url": "https://github.com/codenotary/immudb/releases/tag/v1.4.1" }, + { + "name": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8", + "refsource": "CONFIRM", + "url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8" + }, { "name": "https://github.com/codenotary/immudb/tree/master/docs/security/vulnerabilities/linear-fake", "refsource": "MISC", diff --git a/2022/38xxx/CVE-2022-38266.json b/2022/38xxx/CVE-2022-38266.json index 5fb1d0c09e3..d85f8183ea4 100644 --- a/2022/38xxx/CVE-2022-38266.json +++ b/2022/38xxx/CVE-2022-38266.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file." + "value": "An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file." } ] }, @@ -56,6 +56,11 @@ "url": "https://github.com/tesseract-ocr/tesseract/issues/3498", "refsource": "MISC", "name": "https://github.com/tesseract-ocr/tesseract/issues/3498" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614", + "url": "https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614" } ] } diff --git a/2022/39xxx/CVE-2022-39833.json b/2022/39xxx/CVE-2022-39833.json index 0c24128a61b..288d699b0f9 100644 --- a/2022/39xxx/CVE-2022-39833.json +++ b/2022/39xxx/CVE-2022-39833.json 
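Review bot: In the CVE-2022-38266 description hunk on this line, removing `in Tesseract v5.0.0` leaves `the Leptonica linked library (v1.79.0)`, where "linked library" is a leftover of the dropped context and the only scope given is one exact version. The second hunk adds a Leptonica commit as `CONFIRM`, but the text does not say which release contains it, so a reader cannot tell whether versions after 1.79.0 are affected. A description along the lines of `An issue in Leptonica v1.79.0 allows …`, plus a fixed-in version once the CNA has one, would make the record usable for patch decisions.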
@@ -5,13 +5,57 @@ "CVE_data_meta": { "ID": "CVE-2022-39833", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution", + "url": "https://www.filecloud.com/supportdocs/fcdoc/latest/server/security-advisories/2022-security-advisories/advisory-2022-10-01-unauthorized-access-and-potential-remote-code-execution" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request." } ] } diff --git a/2022/40xxx/CVE-2022-40304.json b/2022/40xxx/CVE-2022-40304.json index 8270d46746e..3c305f9276b 100644 --- a/2022/40xxx/CVE-2022-40304.json +++ b/2022/40xxx/CVE-2022-40304.json 
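Review bot: The new CVE-2022-39833 description scopes the issue as `FileCloud Versions 20.2 and later`, an open-ended range that marks every future release as affected and names no fixed version. Scanners and patch trackers that derive ranges from the text will keep flagging upgraded installations. The vendor advisory added as the `CONFIRM` reference is where an upper bound would come from; once known, a form like `20.2 before FIXED_VERSION` (placeholder) would close the range. The impact wording `potentially cause unauthorized remote code execution and access to reported API endpoints` is also hard to parse and could state the two outcomes separately.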
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40304", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40304", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" + }, + { + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" + }, + { + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", + "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" } ] } diff --git a/2022/40xxx/CVE-2022-40771.json b/2022/40xxx/CVE-2022-40771.json index b7e9c07d11c..1d9bdbf929e 100644 --- a/2022/40xxx/CVE-2022-40771.json +++ b/2022/40xxx/CVE-2022-40771.json 
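Review bot: The first reference added for CVE-2022-40304, `https://gitlab.gnome.org/GNOME/libxml2/-/tags`, is the project's tag index rather than anything specific to this issue; the v2.10.3 tag and the commit URL that follow it are the specific pointers. A generic landing page gives a responder nothing to verify against and its content changes over time, so it could be dropped from `reference_data`. The CVE-2022-40771 and CVE-2022-40772 hunks add the bare `https://manageengine.com` home page in the same way, ahead of the per-CVE advisory URL.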
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40771", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40771", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://manageengine.com", + "refsource": "MISC", + "name": "https://manageengine.com" + }, + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", + "url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html" } ] } diff --git a/2022/40xxx/CVE-2022-40772.json b/2022/40xxx/CVE-2022-40772.json index f346f33a6c7..e10bce60e86 100644 --- a/2022/40xxx/CVE-2022-40772.json +++ b/2022/40xxx/CVE-2022-40772.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-40772", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-40772", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://manageengine.com", + "refsource": "MISC", + "name": "https://manageengine.com" + }, + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", + "url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html" } ] } diff --git a/2022/42xxx/CVE-2022-42905.json b/2022/42xxx/CVE-2022-42905.json index 8387588eb06..24d42580710 100644 --- a/2022/42xxx/CVE-2022-42905.json +++ b/2022/42xxx/CVE-2022-42905.json 
@@ -61,6 +61,11 @@ "url": "https://github.com/wolfSSL/wolfssl/releases", "refsource": "MISC", "name": "https://github.com/wolfSSL/wolfssl/releases" + }, + { + "refsource": "MISC", + "name": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable", + "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable" } ] } diff --git a/2022/4xxx/CVE-2022-4131.json b/2022/4xxx/CVE-2022-4131.json new file mode 100644 index 00000000000..a72321d079e --- /dev/null +++ b/2022/4xxx/CVE-2022-4131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-4131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file